Avatars add-on for miniBB has been recently updated to the newer version, which now
avoids .mbb extension.
The uploaded pictures will be saved with the original, pre-defined mime-type extension, which for avatars preferrably should be either jpg, gif, or png.
It became obsolete to have '.mbb' extension for picture files, as it may be associated with ManaBook Software extension or Kodak EasyShare Data File. It is even more dangerous, if such extension is not within the associated server's mime-type extensions. For example, on Apache servers, it's not pre-defined in myme.types configuration.
The primary configuration change (under
addon_avatar_options.php) is that now $availableTypes is being renamed to
$avatarAvailableTypes, and it is an associated array of all possible mime-types to upload and their defined extensions. In most cases, you should not change this array from default.
$avatarDir now will contain the full path to the avatars folder. The script will no longer try to create this folder, if it doesn't exist. It should be purely created by the person who installs this add-on, and set the proper file permissions for writing. That also means, you could create a folder named other than 'avatars'. Up to you.
$maxFileSize is now being renamed to
$avatarMaxFileSize, and has 10 Kbytes by default.
Steps to upgrade this add-on from your older version are:
- replace
addon_avatar.php with the newer copy from the
distributed package;
- from this package, take the fresh version of
bb_plugins.code.txt, and replace the Avatars code in your
bb_plugins.php;
- modify/rename all settings like described above and like they come by default in
addon_avatar_options.php (or just replace this file);
-
test the add-on for some account, trying to upload an avatar, or choose from pre-defined list; also make sure after being deleted, the avatar's file disappears from avatars folder.
If it all does work in the new mode, now it's the time to
convert earlier members avatars, which were uploaded with .mbb extension.
For this, you might use the tool I've programmed, called
addon_avatars_mbb_convert.php. After downloading, unzip it to the forum's folder, and point your browser to it. If you would like to run it in the test mode first, set $testMode=TRUE; inside of this script at the very top. This will allow just to see what kind of uploaded avatars you have, and what will happen with them after you run the conversion script.
Afterall, set $testMode=FALSE; and execute this script via browser's URL. It should convert all .mbb avatars to their proper extensions, and update users database information.
Check how it worked for older avatars. Do you see them on page? Click some avatar by the right mouse button and choose "Properties" for it. If it has some original picture extension, i.e. jpg, gif or png - congratulations! You did everything properly. Now your Avatars add-on should be more secured and reliable.
Report in this thread, if you will have difficulties with this update.
Thank you for paying attention to your forums Security.